# /etc/sysctl.d/10-fs-related.conf - Filesystem related.
#
# Values: [0] DISABLE, [1] ENABLE.
#

# A long-standing class of security issues is the symlink-based
# time-of-check-time-of-use race, most commonly seen in world-writable
# directories like /tmp.  The common method of exploitation of this
# flaw is to cross privilege boundaries when following a given symlink
# (i.e. a root process follows a symlink belonging to another user).
# For a likely incomplete list of hundreds of examples across the
# years, please see:
# http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
#
# When set to "0", symlink following behavior is unrestricted.
#
# When set to "1" symlinks are permitted to be followed only when
# outside a sticky world-writable directory, or when the uid of the
# symlink and follower match, or when the directory owner matches the
# symlink's owner.
#
fs.protected_symlinks = 1

# A long-standing class of security issues is the hardlink-based
# time-of-check-time-of-use race, most commonly seen in world-writable
# directories like /tmp.  The common method of exploitation of this
# flaw is to cross privilege boundaries when following a given hardlink
# (i.e. a root process follows a hardlink created by another user).
# Additionally, on systems without separated partitions, this stops
# unauthorized users from "pinning" vulnerable setuid/setgid files
# against being upgraded by the administrator, or linking to special
# files.
#
# When set to "0", hardlink creation behavior is unrestricted.
#
# When set to "1" hardlinks cannot be created by users if they do not
# already own the source file, or do not have read/write access to it.
#
fs.protected_hardlinks = 1
